Re: [GNAP] I-D Action: draft-ietf-gnap-core-protocol-00.txt
Francis Pouatcha <fpo@adorsys.de> Tue, 03 November 2020 21:58 UTC
From: Francis Pouatcha <fpo@adorsys.de>
To: "i-d-announce@ietf.org" <i-d-announce@ietf.org>, "txauth@ietf.org" <txauth@ietf.org>
Date: Tue, 03 Nov 2020 21:57:59 +0000
Message-ID: <FR2P281MB01063F61DE3A38E719310CC18D110@FR2P281MB0106.DEUP281.PROD.OUTLOOK.COM>
References: <160294599277.27126.4949816992987431112@ietfa.amsl.com>
In-Reply-To: <160294599277.27126.4949816992987431112@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/DbF2pj4C1asKTNLhQkyFteaG0sk>
Sort of late, but find below my initial remarks after the first thorough reading of draft-ietf-gnap-core-protocol-00.

A) Structure of the document

Grant negotiation is of an importance that requires the draft document to have a clean and understandable structure. This is missing. An example structure could be:

1- Introduction
2- Abstract Protocol Flow
3- Roles
  3.1- Role 1
    3.1.1 Definition
    3.1.2 Scenario
    3.1.3 Authentication
    3.1.4 Capabilities
  3.2- Role 2
4- Requests
  4.1 Resource Request
  4.2 Access Request
5- Elements
  5.1 Element 1
6. Interactions
  6.1- Interaction Type 1
    6.1.1 Protocol Flow
    6.1.2 Roles/Parties
    6.1.3 Elements
    6.1.4 Requests
  6.2- Interaction Type 2
    6.2.1 Protocol Flow
    6.2.2 Roles/Parties
    ....
  6.3- Interaction Type 3

B) Current Document

Roles description shall not hold any assumption on the physical structure of the party fulfilling the roles.

Roles:
-> grant endpoint of the AS: Why is this a POST request? This eliminates the chance of having a user-device-hosted AS (no server).
-> Resource Owner (RO): Authorizes the request? Does it authorize the request or the access to a resource?

Missing Section Interactions:
--> This section shall introduce the notion of interaction before we start listing interaction types.

Interaction Types:
--> I prefer a classification with Redirect, Decoupled and Embedded. In the draft, we have one redirect and 2 decoupled interactions and nothing else.

Resource Access Request vs. Resource Request
--> Both are mixed up. No clarification of the context of each section.

Token Content Negotiation
--> Not expressed as such. This is central to GNAP and not represented enough in the document.

Requesting "User" Information
We identify two types of users: RQ and RO. It will be better not to refer to a user in this draft, but either to an RQ or an RO.

Dealing with the RC. Here we need a clean structure:
-> Identification
  --> Entity vs. Instance
  --> Display Information
-> Key location, legitimation
  --> Authentication
-> Capability representation

Dealing with Users? This belongs to two sections:

Handling RQ
-> Identification
  --> Display Information
-> Credentials
  --> Authentication

Handling RO
-> Identification
  --> Display Information
-> Credentials
  --> Authentication

Interaction Again
-> For each interaction type, we will have to describe the protocol flow and the nature and behavior of the involved Roles (Parties), Elements, Requests.

Best regards
/Francis

________________________________
From: TXAuth <txauth-bounces@ietf.org> on behalf of internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: Saturday, October 17, 2020 10:46 AM
To: i-d-announce@ietf.org <i-d-announce@ietf.org>
Cc: txauth@ietf.org <txauth@ietf.org>
Subject: [GNAP] I-D Action: draft-ietf-gnap-core-protocol-00.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Grant Negotiation and Authorization Protocol WG of the IETF.

        Title           : Grant Negotiation and Authorization Protocol
        Author          : Justin Richer
        Filename        : draft-ietf-gnap-core-protocol-00.txt
        Pages           : 119
        Date            : 2020-10-17

Abstract:
   This document defines a mechanism for delegating authorization to a piece of software, and conveying that delegation to the software. This delegation can include access to a set of APIs as well as information passed directly to the software.

   This document has been prepared by the GNAP working group design team of Kathleen Moriarty, Fabien Imbault, Dick Hardt, Mike Jones, and Justin Richer. This document is intended as a starting point for the working group and includes decision points for discussion and agreement. Many of the features in this proposed protocol can be accomplished in a number of ways. Where possible, the editor has included notes and discussion from the design team regarding the options as understood.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-gnap-core-protocol/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-gnap-core-protocol-00.html

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

--
TXAuth mailing list
TXAuth@ietf.org
https://www.ietf.org/mailman/listinfo/txauth